Security Management Software

Answered Question
Feb 16th, 2010

Any suggestions appreciated.


I am running a wireless network using a Linksys WRVS4400N. I would really love a software application where I could monitor the router traffic from my laptop and hopefully have it translated into something a bit more organized and useful than what is sent now as a log file.

I would love to know when I am being probed for any weakness in my network and more importantly, when my network has been compromised.

Cisco NetManager would not work on Vista but something similar for Vista would be nice.


Suggestions anyone?


Operating system Vista - 64

Firewall / Virus software - AVG 9.0


Thanks for any help


Kenneth

Overall Rating: 5 (1 ratings)
jamccord Wed, 02/17/2010 - 07:05

You may try a copy of Wireshark.  It is a packet capture utility.

Correct Answer
alissitz Wed, 02/17/2010 - 07:25
User Badges:
  • Silver, 250 points or more

Hello,


Probably your network is being 'probed' 100s of times per hour ... a lot to say the least.  It might start with a ping, and then a port scan.


The WRVS does provide a nice perimeter, and so you are fine.  Are you keeping up with the software loads?  It is best to stay current and be sure to read the release notes when you are making your decision on whether or not you should upgrade the router.


Some side notes ... please forgive these ramblings  ...


Are you allowing well-known ports to come into your network, unauthenticated traffic?  If you are allowing these for whatever reason, then outside traffic is already getting in.  Is this trusted communication?  You would know best, but just trying to make the point that your router is doing much to stop all unwanted traffic so there is not much need to monitor this IMO unless you are allowing outside unauthenticated traffic into your network ...


Some basics for your router:


- change all the default passwords

- do not allow external management or even from the wireless network

- if you are sharing resources, then use a DMZ with specific security policies

- be as specific as possible in your policies  ...


If security is a heavy concern for you, then you may also choose to put ACLs on your switches too for the ports that connect to mission critical devices.  You can allow or disallow traffic in your switches ... Wireless network secure? 


You mentioned the virus software, and this is key along with keeping the PCs up to date.  It is far too often that we hear of new viruses and security holes ... it is important to keep up with the patches and virus software.


Wireshark is pretty good, but it might provide too much traffic analysis.  You can use filters to provide more focus.  How will you 'see' the traffic from the router?  You will need to set up a span / monitor port so that the traffic is also sent to your PC.


A note is needed -  when you enable span / monitor, some switches will block inbound traffic from the monitoring workstation.  This means you would need a dedicated monitoring station since this station would not be able to send traffic and only receive.


Refer to the switch documentation for info on whether or not this port becomes a dedicated monitoring port and/or you can still work from it.


HTH,


Andrew Lissitz
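
An added example (not part of the original posts) of turning a router's firewall log into a per-source summary that separates a ping plus a port sweep from isolated hits. The log line format, the sample addresses and the `summarize` function are constructed for illustration; the WRVS4400N's actual log format is not shown in this thread, so `LINE_RE` is an assumption to adapt.

```python
import re
from collections import defaultdict

# Constructed sample lines in a generic "firewall drop" syslog style.
# Assumption: your router's real format differs; adjust LINE_RE to match it.
SAMPLE_LOG = """\
Feb 17 07:01:02 router fw: DROP IN=wan PROTO=ICMP SRC=203.0.113.7 DST=192.0.2.1 TYPE=8
Feb 17 07:01:05 router fw: DROP IN=wan PROTO=TCP SRC=203.0.113.7 DST=192.0.2.1 DPT=21
Feb 17 07:01:05 router fw: DROP IN=wan PROTO=TCP SRC=203.0.113.7 DST=192.0.2.1 DPT=22
Feb 17 07:01:06 router fw: DROP IN=wan PROTO=TCP SRC=203.0.113.7 DST=192.0.2.1 DPT=23
Feb 17 07:01:06 router fw: DROP IN=wan PROTO=TCP SRC=203.0.113.7 DST=192.0.2.1 DPT=80
Feb 17 07:01:07 router fw: DROP IN=wan PROTO=TCP SRC=203.0.113.7 DST=192.0.2.1 DPT=443
Feb 17 07:01:07 router fw: DROP IN=wan PROTO=TCP SRC=203.0.113.7 DST=192.0.2.1 DPT=3389
Feb 17 07:02:30 router fw: DROP IN=wan PROTO=TCP SRC=198.51.100.77 DST=192.0.2.1 DPT=445
Feb 17 07:02:41 router fw: DROP IN=wan PROTO=ICMP SRC=203.0.113.99 DST=192.0.2.1 TYPE=8
Feb 17 07:03:00 router dhcp: lease renewed 192.168.1.20
"""

LINE_RE = re.compile(
    r"DROP .*?PROTO=(?P<proto>\w+) SRC=(?P<src>[\d.]+) DST=[\d.]+ "
    r"(?:DPT=(?P<dpt>\d+)|TYPE=(?P<type>\d+))")

def summarize(log_text, port_threshold=5):
    """Group dropped packets by source address and label each source."""
    pinged, ports, skipped = set(), defaultdict(set), 0
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            skipped += 1          # not a firewall drop line (e.g. DHCP)
            continue
        if m["proto"] == "ICMP" and m["type"] == "8":   # echo request
            pinged.add(m["src"])
        elif m["dpt"]:
            ports[m["src"]].add((m["proto"], int(m["dpt"])))
    report = {}
    for src in pinged | set(ports):
        n = len(ports[src])       # distinct (protocol, port) pairs probed
        if n >= port_threshold:
            label = "ping+scan" if src in pinged else "port-scan"
        elif src in pinged and n == 0:
            label = "ping-only"
        else:
            label = "isolated"
        report[src] = {"label": label, "ports": sorted(p for _, p in ports[src])}
    return report, skipped

if __name__ == "__main__":
    for src, info in sorted(summarize(SAMPLE_LOG)[0].items()):
        print(f"{src:15} {info['label']:10} {info['ports']}")
```
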

kennethb1 Wed, 02/17/2010 - 11:11

Thank you Andrew for your help.


In reply, I only allow access by MAC address to the LAN. I do stay up on updates to AVG Virus and Router updates as well if warranted. I did have a port issue specifically when adding a wireless printer to the network. I had to allow ports 427 and 161 UDP both in and out for secure network only to get the wireless printer to have communications. I was uncomfortable with that. Will that cause me any issues?


Again, thank you for taking the time to reply to my post.


Kenneth

alissitz Wed, 02/17/2010 - 11:53
User Badges:
  • Silver, 250 points or more

I think these ports are fine; it appears that HP needs these for remote monitoring of the printer over wireless.  Unsecured SNMP to your servers and routers can be an issue if no authentication is needed and RW access is provided.  RO is normally fine ... and as a best practice it should be shut off everywhere it is not needed.


I think you are fine with this.  Nice to hear you have secured the wireless as well.  Good stuff.


BTW - there is some free software on the web and you can do some port scans internally and/or from each PC.  This can also tell you what is open and/or unsecured.


HTH,


Andrew Lissitz